National Academies Press: OpenBook
« Previous: III. STATE LAW SUMMARY
Page 44
Suggested Citation:"IV. TRANSIT AGENCY PRACTICES." National Academies of Sciences, Engineering, and Medicine. 2010. Reconciling Security, Disclosure, and Record-Retention Requirements in Transit Procurements. Washington, DC: The National Academies Press. doi: 10.17226/14404.
×
Page 44
Page 45
Suggested Citation:"IV. TRANSIT AGENCY PRACTICES." National Academies of Sciences, Engineering, and Medicine. 2010. Reconciling Security, Disclosure, and Record-Retention Requirements in Transit Procurements. Washington, DC: The National Academies Press. doi: 10.17226/14404.
×
Page 45
Page 46
Suggested Citation:"IV. TRANSIT AGENCY PRACTICES." National Academies of Sciences, Engineering, and Medicine. 2010. Reconciling Security, Disclosure, and Record-Retention Requirements in Transit Procurements. Washington, DC: The National Academies Press. doi: 10.17226/14404.
×
Page 46
Page 47
Suggested Citation:"IV. TRANSIT AGENCY PRACTICES." National Academies of Sciences, Engineering, and Medicine. 2010. Reconciling Security, Disclosure, and Record-Retention Requirements in Transit Procurements. Washington, DC: The National Academies Press. doi: 10.17226/14404.
×
Page 47

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

44 on the type of contract and whether or not the bid was successful.463 For example, Connecticut requires that local government agency bid documents for public works construction projects (whether accepted or not) be retained for 6 years after project completion or 6 years after filing if the project is not built, and then destroyed; bid documents for public works ser- vice/supply projects (whether accepted or not) be re- tained for 3 years after the audit and then destroyed; and construction documents be retained for the life of the structure.464 State statutes may specifically cover retention of state DOT records.465 Record retention guid- ance may specify how documents are to be disposed of after the required retention period. Montana, for ex- ample, specifies that contract protest records are to be shredded 4 years after the protests are resolved.466 Fed- eral requirements for disposal of SSI should be followed if they are more stringent than state record disposal requirements. The increasing use of electronic storage of informa- tion presents special challenges, as it is not always as clear what electronically stored information constitutes public records as it is for information on paper. IV. TRANSIT AGENCY PRACTICES A thorough understanding of requirements for han- dling security information is needed both to ensure that procurement personnel treat such information appro- priately and that they include appropriate safeguards in bidding and contract requirements. Developing effec- tive procedures is a critical element; ensuring appropri- ate implementation is perhaps both more critical and more difficult.467 463 See, e.g., N.M. CODE, 1.19.8.109, Capital Project Files [Fiscal or contractual documents (bids, quotes, agreements, contracts, etc.): 10 years after completion of project; Technical documents (e.g. blueprints, architectural drawings, soil tests or analyses, engineering specifications, etc.): permanent; All other documents: 2 years after close of fiscal year in which project completed], www.nmcpr.state.nm.us/nmac/parts/title01/01.019.0008.htm; Washington State Archives, Office of the Secretary of State, Local Government Common Records Retention Schedule (CORE) Version 1.0 (December 2008), 1.4 con- tracts/agreements, www.secstate.wa.gov/_assets/archives/RecordsManagement/CO RE10.pdf. 464 Office of the Public Records Administrator (Connecticut State Library), Municipal Records Retention Schedule M9, Public Works, www.cslib.org/publicrecords/retpbworks.pdf. 465 E.g., Nevada, NEV. REV. STAT. 239.085 State records: Disposition by Department of Transportation, www.leg.state.nv.us/NRS/NRS-239.html#NRS239Sec073. 466 Montana record retention schedule for purchasing pro- curements: http://sos.mt.gov/Records/forms/state/State_Schedule4.pdf. 467 See Office of the New York State Comptroller, Metropoli- tan Transportation Authority: Controls Over Security- Sensitive Information for the Capital Projects Program, Report 2006-S-6, This section discusses actual transportation agency practices concerning protection of security information. The discussion is based on both agency responses to questions posed by the author and secondary research. The intent of this section is to allow transit agencies to consider approaches adopted by other agencies as they formulate their own policies. Given the sensitivity of the topic, this section uses anonymous titles for transit agencies that provided responses directly to the author. A. Transit Agency A468 Agency A is a bus-only transit system located in Northern California. The agency operates 15 weekday local bus routes and 3 weekend/holiday local bus routes, as well as commuter routes, serving a population of almost 250,000. Agency A addresses SSI under the agency’s safety and security plan. The agency has es- tablished an internal audit system of its SSI control procedures. The safety and security plan treats SSI consistent with the guidance in FTA’s Sensitive Security Informa- tion (SSI) Designation, Markings, and Control docu- ment. Previously the agency relied on the Recom- mended Practices from the American Public Transportation Association’s Emergency Management Program Standards. The agency does not protect infor- mation other than SSI from disclosure based on secu- rity grounds. The agency’s SSI practices were formulated by the chief executive officer, chief operating officer, and direc- tor of administrative services. The SSI practices do not directly address procurement. However, the chief oper- ating officer and the agency’s procurement officer dis- cuss SSI requirements, if applicable, when they develop procurement documents. This analysis is limited to se- curity-related bid and contract documents. The practice is to exclude SSI from procurement documents to the extent feasible, limiting inclusion of SSI in contract specifications to the bare essentials required to allow a meaningful response to the solicitation. Agency A has had a very low volume of security pro- jects and thus has had limited experience in deploying its SSI practices. To the extent necessary, the agency would deploy one or more of the following methods for controlling contractor access to SSI in the procurement process, depending on how detrimental to transporta- tion safety it would be to allow the information in ques- tion to be made public: • Performing background checks. • Charging a fee to receive the documents. • Restricting review of contract documents to the re- questor. • Requiring the requestor to sign a nondisclosure form. www.osc.state.ny.us/audits/allaudits/093006/06s6.pdf. 468 The description of Agency A’s security/procurement prac- tices is based on responses from the agency to questions posed by the author. Responses are maintained in the author’s files.

45 The agency also limits which procurement personnel have access to SSI. Agency A provides SSI training to all employees; the subject covered depends on the job category in question. B. Los Angeles County Metropolitan Transportation Authority469 The Los Angeles County Metropolitan Transporta- tion Authority (MTA) has a written records manage- ment policy (RMP) to ensure compliance with the Cali- fornia Public Records Act, as well as the agency’s statutory obligations concerning records disposition. The RMP covers creation, indexing, production, reten- tion, protection, security and disposition of agency re- cords. Covered records include correspondence, memo- randa, reports, maps, tapes, photographic films/prints, charts, drawings, computer-generated and -maintained records, machine-readable records, and phonographic records. Email is covered as well. The MTA’s Records Management Center (RMC) is responsible for adminis- tering the RMP, including providing training, while department heads are responsible for program compli- ance within their departments. Each department ap- points a records coordinator to work with the RMC, managing department records pursuant to RMC guide- lines. The RMC develops the agency’s records retention schedule, which identifies categories of security- sensitive documents. Any changes to the schedule are reviewed by the agency’s legal counsel. RMC periodi- cally inventories department records to ensure compli- ance with the retention schedule. RMC oversees records inactivation, inactive records retrieval, and records de- struction pursuant to the retention schedule. Sensitive security information is shredded, pulped, erased by permanent means, or otherwise made illegible and un- usable. The RMP protocol for active file management re- quires maintaining security-sensitive documents such as facility as-built drawings in secure locations sepa- rated from documents that are not confidential or secu- rity sensitive, with access limited to designated staff. Each department is required to keep a list of designated personnel, along with their approved access levels. RMP protocol also requires purging drafts, duplicates, and nonsignificant working papers from active files on a regular basis. Sensitive security documents are re- quired to be marked as such within the agency’s docu- ment management system. Only the RMC and legal counsel have the authority to determine which records are available to the public. All agency employees receive training to this effect, including being put on notice that they are to consult 469 The description of LACMTA’s records management prac- tices is based on a review of the agency’s Records Management Policy. The records management services can be reviewed at http://www.metro.net/about/library/records-services/records- management/records-services/. with RMC and legal counsel concerning any third party requests for MTA documents. The RMP contains a section on exempt security- sensitive and privileged documents. The policy notes that due to attacks, attempted attacks, and threats against facilities, MTA limits access to categories of records that previously may have been publicly avail- able. The intent of treatment of such documents under the policy is to ensure that access will be limited to in- dividuals with an actual need to know or work with the records. Section 2.1 of the RMP lists types of documents to be considered security sensitive and specifies the need for separate maintenance in a secure environment of such documents.470 The RMP lists the following record categories as coming under the sensitive security classi- fication: construction records (design documents, final as-built drawings required by contract); engineering documents (detailed specifications, including geotechni- cal information); systems documents (describing how safety- and security-related systems operate); opera- tions records (detailing movements to and from service route); facility information (security and fueling system information); vehicle design documents; and security records (documents describing MTA security re- sponses). C. Agency C471 Agency C is the organization responsible for capital construction projects for a large multimodal transporta- tion authority. Agency C works with sister agencies of the transportation authority. Agency C has an SSI handbook covering the follow- ing elements: procedures for handling Agency C’s SSI; roles and responsibilities of Agency C and vendor per- sonnel; Agency C evaluation guide to identify types of information to be protected; information technology; company nondisclosure and confidentiality agreements; 470 Section 2.1, Identifying Security Sensitive and Privileged Records, specifically provides: RMC, along with each department shall identify security sen- sitive documents that shall include, but not be limited to, the construction of all MTA facilities; operation of light and heavy rail systems; communication, power, control and emergency backup systems, emergency access. Ingress and egress methods and plans; bus scheduling process; personnel deployment plans; security plans and interagency emergency or security communi- cations; individual and computer system access codes and meth- ods; software; and other similarly related items. Any document considered security sensitive shall be main- tained in a separate protected environment and may be retained with confidential records by RMC. The manner of protecting such documents shall be dictated by the form and condition of the particular record. Once a document is identified as security sensitive, access to it shall be immediately limited, and as ap- propriate, moved to a secure location. The document may be cop- ied to a protected environment to protect the information or to limit its availability to those persons authorized to access the in- formation. 471 The description of Agency C’s security/procurement prac- tices is based on a review of the company’s Security Sensitive Information Handbook, which identifies procedures to be used during implementation of Agency C security projects.

46 Agency C nondisclosure and confidentiality agreements for individuals; employee employment and resume veri- fication; and procurement procedures. Personnel involved in Agency C’s SSI process in- cludes the Agency C security officer, who is responsible for implementing and overseeing SSI procedures and key in deciding what information is protected; the agency security officer, who is the SSI point person for the sister agency, assisting the Agency C security offi- cer in implementing required briefings and training; and the Agency C/agency project manager, who is au- thorized to handle SSI. The security officers must be U.S. citizens or permanent residents. Both the project manager and all Agency C/agency employees involved in supervising consultants, contractors, and subcontrac- tors of projects related to Agency C SSI are required to sign NDAs and undergo employment and resume verifi- cation, as are all vendor project managers, principals of vendor companies, and vendor employees working on design and construction of projects related to Agency C SSI. Agency C requires consultants and contractors to provide training to all of their employees authorized to access Agency C SSI, with disclosure of SSI only au- thorized as needed to perform official duties and on a need-to-know basis. Agency C receives a list of author- ized vendor employees. Vendors must have a document control system to track the location and number of cop- ies of documents containing Agency C SSI. Vendors must also develop an Information Technology System Management Plan covering physical, operational, and personnel procedures; Agency C must approve the plan and employees must undergo information technology security awareness training. Agency C policy ties these vendor security require- ments to the procurement process by mandating that they be made a material condition of contracts that re- quire access to Agency C SSI, with the contracts subject to termination for default where willful misconduct or lack of good faith leads to noncompliance. Vendors are also required to include these provisions in all subcon- tracts. Once a contract containing SSI is completed, the vendor must return all originals to Agency C and de- stroy all copies, following procedures set forth in the handbook. Measures to safeguard SSI include: • Prohibiting discussion of SSI in public conveyances or places, via wireless phone or radio; limiting use of discussion via speakerphone to closed-door locations. • Storing SSI with password protection or in secure containers with no indication that containers store SSI; maintaining list of individuals with access to each con- tainer. • Removing SSI from information technology system when no longer required to be on system. • Maintaining physical security to prevent unau- thorized access to hardware and software related to SSI, e.g., by requiring User IDs and keeping unat- tended information technology systems in locked space. • Using a firewall security system for SSI informa- tion technology storage systems. • Encrypting SSI data transfer. • Requiring security training for personnel with ac- cess to SSI information technology systems. • Centralizing physical storage of SSI as much as practicable. • Prohibiting removal of SSI from work area without Agency C authorization. • Once projects are complete, using card readers to track access to storage locations. • Establishing system to ensure reproduction of SSI is held to a minimum and accomplished by authorized employees; marking copies as originals are marked. • Destroying SSI to prevent unauthorized retrieval; logging destroyed documents through document control system (date of disposal, identification of material de- stroyed, signature of individuals designated to destroy and witness destruction). • Transmitting SSI in a manner preventing loss or unauthorized access: receipt required; no marking on package to indicate inclusion of SSI; packages to be re- turned if authorized recipients not present and not to be left unattended. • Limiting access to need to know: necessary for re- cipient’s job performance, recipient has read and under- stands agency SSI procedures, and has signed NDA. Additional security measures include requiring all SSI documents to be marked as specified in the hand- book; maintaining lists of authorized internal and ex- ternal SSI recipients, with individuals removed from the authorized list when their need to know expires; and maintaining a list of all individuals who have or have had access, for investigative purposes; maintain- ing a document control system with log information as specified in the handbook. Agency C’s audit program evaluates consultant and vendor compliance with the security requirements set forth in the handbook. Project managers are responsible for developing pro- ject-specific evaluation guides based on the agency’s generic evaluation guide and for identifying information that must be treated as SSI pursuant to the project- specific evaluation guide. If a vendor employee believes information not designated as SSI may or should be SSI, the individual should request an evaluation by the project manager and protect the information accord- ingly until a decision is made. SSI that has been made public should still be protected until the Agency C secu- rity officer makes a formal decision. Agency C’s NDA covers the scope of SSI, obligations of nondisclosure, requirements for protection of infor- mation (including notifying Agency C of any subpoenas for SSI), and return of information. Potential recipients of SSI are given a copy of the SSI handbook and are required to execute and affidavit acknowledging receipt of the handbook. The handbook recommends that Agency C only re- lease bid documents containing SSI to bidders that have

47 completed NDAs and Information and Responsibility Request forms covering security questions. D. Transit Agency D472 Agency D is a large multimodal transit agency. As of October 2009, Agency D was in the process of develop- ing its own SSI policy. Departments involved in the development process include capital programs, capital program management, legal, procurement, and engi- neering. The policy will cover procurement as well as other issues. Agency D does protect information other than SSI from disclosure based on security grounds, and controls access to all information pertaining to construction pro- jects. To date the agency has only had occasion to re- view security-related projects for CII/SSI. However, as it develops its SSI policy, Agency D intends to require the review of all projects to determine the need for con- trolling access to procurement documents based on the nature of the project. Rather than focusing on whether the project provides security, the policy will focus on whether information in the procurement is sensitive. For example, a procurement for a project to place cam- eras in a visible manner in a public area may not re- quire restricted access to procurement information, while a procurement to do structural work on a subway tunnel may require restricted access because of the need to review sensitive structural information to bid and to carry out the contract. This approach allows for the prioritization of security information by the incre- mental damage a threat source would gain by knowing the information. Agency D controls contractor access to SSI and other security information by requiring prospective vendors to register with FedBizOpps,473 the federal contracting Web site database. Registration on this Web site re- quires getting cleared to receive sensitive material. Agency D is also considering carrying out some secu- rity-related construction work in-house, which would avoid the need to manage contractor access to security information. Agency D does have a single point of contact in each of its major groups for handling SSI. Procedurally, pro- ject design managers review project information for SSI and notify procurement of the SSI classification. This requires both engineers and procurement personnel to be trained on SSI classification and management. E. Agency E474 Agency E is a transportation authority responsible for surface transportation in a county in the western 472 The description of Agency D’s security/procurement prac- tices is based on responses from the agency to questions posed by the author. Responses are maintained in the author’s files. 473 www.fbo.gov/. 474 The description of Agency E’s security/procurement prac- tices is based on responses from the agency to questions posed by the author. Responses are maintained in the author’s files. United States. Agency E administers the county’s bus and paratransit public transportation system. Agency E requires all employees working on vulner- ability assessments, security plans, and security en- hancement plans to execute confidentiality agreements specifically regarding requirements for maintaining confidentiality of material and acknowledging penalties for noncompliance. Agency E’s Security/Safety Section reviews only security-related bids for CII/SSI. F. Virginia Department of Transportation475 The Virginia Department of Transportation’s (VDOT) Critical Infrastructure Information/Sensitive Security Information (CII/SSI) Policy is an internal document. However, elements of the policy are de- scribed in publicly available documents, such as VDOT’s guide to identifying CII/SSI. In addition, VDOT’s CII/SSI Guide for Vendors and Contractors is publicly available. The guide cautions that if the information is custom- arily public knowledge or the general public has a need to know the information, then it is not CII/SSI. The guide is based on the criteria on the safety and security exemptions in the Virginia Freedom of Information Act, which provides that records falling under the exemp- tions are excluded from the mandatory disclosure provi- sions of the act, but may be disclosed at the custodian’s discretion unless otherwise required by law. The guide lists categories of information that might be CII/SSI. These include: • Engineering and construction drawings and plans that would reveal critical structural components or se- curity equipment and systems, if disclosure would jeop- ardize the health or safety of any person or structure. • Documentation describing the design, function, op- eration or access control features of any security sys- tem, manual or automated, used to control access to or use of any automated data processing or telecommuni- cations system. • Plans and information to prevent or respond to terrorist activity, if disclosure would jeopardize the safety of any person, including vulnerability assess- 475 The description of VDOT’s sensitive information protec- tion procedures is based on a review of several publicly avail- able documents: Location and Design Division’s Instructional and Informational Memorandum on Procedures for Protecting Sensitive Information, www.extranet.vdot.state.va.us/locdes/electronic%20pubs/Bridg e%20Manuals/IIM/SBIIM71.pdf (accessed Apr. 1, 2009); VDOT’s CII/SSI Guide for Vendors and Contractors, http://www.virginiadot.org/business/resources/const/CII_SSIGu ideV6.0InterimRevisionFINAL.PDF; VDOT’s Critical Infra- structure Information (CII) Sensitive Security Information (SSI) Agreement to Establish a Company Representative, http://vdotforms.vdot.virginia.gov/SearchResults.aspx?filename =CII%20Company%20Rep%20V5.pdf (accessed Apr. 1, 2009); VDOT’s Guide to identifying CII/SSI, http://vdotforms.vdot.virginia.gov/SearchResults.aspx?filename =Guide%20to%20Identifying%20CII%20SSI.pdf.

Next: V. APPLYING SECURITY AND CONTRACT MANAGEMENT REQUIREMENTS TO THE COMPETITIVE PROCUREMENT PROCESS »
Reconciling Security, Disclosure, and Record-Retention Requirements in Transit Procurements Get This Book
×
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

TRB‘s Transit Cooperative Research Program (TCRP) Legal Research Digest 32: Reconciling Security, Disclosure, and Record-Retention Requirements in Transit Procurements highlights the legal requirements that are relevant to the transit procurement process of balancing the competing needs of open government and public security. The report explores federal and state requirements concerning record retention and disclosure, as well as practices transit agencies have adopted to meet their responsibilities in balancing these competing public policy interests.

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  6. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  7. ×

    View our suggested citation for this chapter.

    « Back Next »
  8. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!